nanog mailing list archives
Re: Open Resolver Problems
From: Alain Hebert <ahebert () pubnix net>
Date: Mon, 25 Mar 2013 13:34:26 -0400
Hi, Well... On 03/25/13 12:51, Nick Hilliard wrote:
On 25/03/2013 16:35, Alain Hebert wrote:That might be just me, but I find those peers allowing their customers to spoof source IP addresses more at fault.that is equally stupid and bad.
In my eyes, those peers are the source of it. One can justify Open Relay and the lag into moving into not being an attack vector... while the case for allowing IP spoofing is a tad harder to justify.
PS: Some form of adaptive rate limitation works for it btw =Dno, it doesn't. In order to ensure that your resolver clients are serviced properly, you need to keep the DNS query rate high enough that if someone has a large bcp38-enabled botnet, they can trash the hell out of whoever they want.
We all need to be more flexible and actually work toward fixing both end of the issue.
The best solution is to disable open recursion completely, and police your clients regularly. Nick
I just intervene on one of today's DNS Amp... which is going to many targets mind you... on a client with a NT4.0 Server and another with FreeBSD 5.1 =D ( You can say bye bye to that NT4.0 client revenue :( ) Now about some of "those" peers start enforcing some form of source IP rules... PS: The Open Relay situation is easy to fix for a subscriber type corp (like say a Cable provider)... and less for smaller outfit providing all sort of IT services. ----- Alain Hebert ahebert () pubnix net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
Current thread:
- Re: Open Resolver Problems, (continued)
- Re: Open Resolver Problems Scott Noel-Hemming (Mar 29)
- Re: Open Resolver Problems Mattias Ahnberg (Mar 25)
- Re: Open Resolver Problems Jared Mauch (Mar 25)
- Re: Open Resolver Problems Nick Hilliard (Mar 25)
- Re: Open Resolver Problems Alain Hebert (Mar 25)
- Re: Open Resolver Problems Joe Abley (Mar 25)
- Re: Open Resolver Problems Måns Nilsson (Mar 25)
- Re: Open Resolver Problems Joe Abley (Mar 25)
- Re: Open Resolver Problems Mikael Abrahamsson (Mar 25)
- Re: Open Resolver Problems Nick Hilliard (Mar 25)
- Re: Open Resolver Problems Alain Hebert (Mar 25)
- Re: Open Resolver Problems William Herrin (Mar 25)
- Re: Open Resolver Problems Nick Hilliard (Mar 25)
- Re: Open Resolver Problems William Herrin (Mar 25)
- Re: Open Resolver Problems Jay Ashworth (Mar 26)
- Re: Open Resolver Problems Mikael Abrahamsson (Mar 26)
- Re: Open Resolver Problems Jared Mauch (Mar 25)
- Re: Open Resolver Problems Jon Lewis (Mar 26)
- Re: Open Resolver Problems Jared Mauch (Mar 26)
- Re: Open Resolver Problems Jared Mauch (Mar 25)